Crowd Sourcing Human Analyst Playbooks for Insider Threat Mitigation

Abstract

We conducted an analysis of the insider threat (InT) hub processes derived from multiple organizations and perspectives. InT analysts, case managers and subject matter experts interacted in a crowd-sourcing game called the Massively Multiplayer Online Wargame Leveraging the internet (MMOWGLI) using themes derived from interviews to stimulate seeds (inputs). Themes, issues and recommendations from the wargame were further refined and are included in a version of the framework for a Navy InT hub. IDEF format modeling was used to analyze processes, procedures and personnel roles from the results of the field research and MMOWGLI, and from documents from SPAWAR 5.0 and interviews with the Defense Security Service (DSS) and Defense Intelligence Agency (DIA). Using case examples from the Carnegie-Mellon Computer Emergency Readiness Team (CERT), we propose a set of "playbook" processes. We elicit the key aspects of Hub Architecture organization and information flow that must be considered when devising an Insider Threat Hub playbook.

The Transportation Security Administration (TSA) defines insider threat as the risk posed by workers with inside access and knowledge to exploit vulnerabilities in the nation's transportation systems. In recent years, ...

Insider threat is a significant problem for both governmental and private organizations. Individuals can do immense harm with their trusted accesses. To combat this threat, organizations have created departments with trained ...

Extensive studies and research have been conducted on insider threats, the possible causes, predictive models and best practices for prevention, early detection, and mitigation of the threats of insider attacks to a wide ...